CVE-2022-4031

The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.
Configurations

Configuration 1 (hide)

cpe:2.3:a:simple-press:simple\:press:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:34

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.9
v2 : unknown
v3 : 3.8
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail= - Patch, Third Party Advisory () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2804020%40simplepress&new=2804020%40simplepress&sfp_email=&sfph_mail= - Patch, Third Party Advisory
References () https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031 - Third Party Advisory () https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4031 - Third Party Advisory

Information

Published : 2022-11-29 21:15

Updated : 2024-11-21 07:34


NVD link : CVE-2022-4031

Mitre link : CVE-2022-4031

CVE.ORG link : CVE-2022-4031


JSON object : View

Products Affected

simple-press

  • simple\
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')